Untitled

<?php

if (!($user -> LoggedIn()))
{
 if (isset($_POST['logINBoss']))
 {
 $captcha = htmlspecialchars($_POST["g-recaptcha-response"]);
 $secret = $odb->query("SELECT `google_secret` FROM `admin` LIMIT 1")->fetchColumn(0);
 $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secret."&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
 $response = json_decode($response);
 if (!$captcha || $response->success == false)
 {
 echo '<center><div class="alert alert-icon alert-warning alert-dismissible fade in" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><i class="mdi mdi-check-all"></i>Invalid Captcha Code</div></center>';
 } else {
 $username = htmlspecialchars($_POST['username']);
 $password = htmlspecialchars($_POST['password']);
 $errors = array();
 if (!ctype_alnum($username) || strlen($username) < 4 || strlen($username) > 15)
 {
 //$errors[] = 'Username Must Be  Alphanumberic And 4-15 characters in length';
 }

 if (empty($username) || empty($password))
 {
 $errors[] = '<center><div class="alert alert-icon alert-danger alert-dismissible fade in" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><i class="mdi mdi-check-all"></i>Fill in all fields.</div></center>">';
 }
 $SQL = $odb->prepare("SELECT `status` FROM `users` WHERE `username` = :username");
 $SQL->execute(array(':username' => $username));
 $status = $SQL->fetchColumn(0);
 if($status == 1)
 {
 $SQL = $odb->prepare("SELECT `reason` FROM `bans` WHERE `username` = :username");
 $SQL->execute(array(':username' => $username));
 $ban = $SQL->fetchColumn(0);
 header('location: banned.php');
 }
 if (empty($errors))
 {
 $SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password");
 $SQLCheckLogin -> execute(array(':username' => $username, ':password' => SHA1($password)));
 $countLogin = $SQLCheckLogin -> fetchColumn(0);
 if ($countLogin == 1)
 {
 $SQLGetInfo = $odb -> prepare("SELECT `username`, `ID`, `status` FROM `users` WHERE `username` = :username AND `password` = :password");
 $SQLGetInfo -> execute(array(':username' => $username, ':password' => SHA1($password)));
 $userInfo = $SQLGetInfo -> fetch(PDO::FETCH_ASSOC);
            if ($countLogin == 1)
            {
 $logAddr = $odb->prepare("INSERT INTO `login_history` (`username`,`ip`,`date`,`http_agent`) VALUES (:user, :ip, UNIX_TIMESTAMP(NOW()), :agent);");
 $logAddr->execute(array( ":user" => $username, ":ip" => $_SERVER['REMOTE_ADDR'], ":agent" => $_SERVER['HTTP_USER_AGENT']));
 htmlspecialchars($_SESSION['username'] = $userInfo['username']);
 htmlspecialchars($_SESSION['ID'] = $userInfo['ID']);
 echo '<center><div class="alert alert-icon alert-success alert-dismissible fade in" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><i class="mdi mdi-check-all"></i>Login Successful!</div></center><meta http-equiv="refresh" content="1;url=index.php">';
 }
 else
 {
 echo '<center><div class="alert alert-icon alert-danger alert-dismissible fade in" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><i class="mdi mdi-check-all"></i>You are Banned!</div></center>';
 }
 }
 else
 {
 echo '<center><div class="alert alert-icon alert-warning alert-dismissible fade in" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><i class="mdi mdi-check-all"></i>Login Failed!</div></center>';
 }
 }
 else
 {
 echo '<div class="alert alert-danger"><p><strong>ERROR:</strong><br />';
 foreach($errors as $error)
 {
 echo '-'.htmlspecialchars_decode($error).'<br />';
 }
 echo '</div>';
 }
 }
}
}

?>